<?php

require_once '../include/common.inc.php';

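// Admin-only page: anyone failing checkAdmin() is sent back to the index page.
// The header is written in its canonical "Location: <url>" form, and exit follows
// immediately so none of the queries or templates below run for a non-admin.
if (!checkAdmin()) {
    header('Location: index.php');
    exit;
}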

// Page chrome used by the shared header/footer templates.
$menu_index = 2;
$page_title = 'JANSEN';
$guide_message = 'Customer | Basic Infomation';

// Search-box placeholder; getMyParam('key') below overrides it when a key was sent.
$key = "Enter username OR email...";

// getMyParam() pulls each named request parameter into a same-named variable
// in this (global) scope. Whether it SQL-escapes the value is not visible in
// this file — confirm before relying on it, as the queries below interpolate
// these values directly.
foreach (array('action', 'uid', 'key', 'alert_message') as $param_name) {
    getMyParam($param_name);
}
unset($param_name);

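/**
 * Record the admin-chosen account type/status for customer $uid, then redirect.
 *
 * Shared by the "changestatus1" and "add" actions (the original inlined this
 * twice). Status 3 only stores type/status and returns to the list; any other
 * positive type+status pair additionally provisions a login ("user<id>" plus a
 * generated password) and hands off to the confirmation e-mail page. When
 * neither rule matches it returns without redirecting, exactly as before, so
 * the caller falls through to the list rendering.
 *
 * @param object $db       DB wrapper exposing query()
 * @param int    $uid      customer row id — caller must already have cast it to int
 * @param int    $typeid   account type (int)
 * @param int    $statusid account status (int)
 */
$apply_status = function ($db, $uid, $typeid, $statusid) {
    if ($statusid == 3) {
        $sql = "UPDATE `user` SET `type` = '$typeid', `status` = '$statusid' WHERE `id` = $uid";
        $db->query($sql);
        echo "<script>location.href='c_customer_list.php'</script>";
        exit;
    } elseif ($typeid > 0 && $statusid > 0) {
        $password = getPassword($typeid);
        $username = 'user' . $uid;
        // NOTE(review): the credential is stored as unsalted md5 plus a plaintext
        // copy in `password2`. The login code elsewhere depends on this layout, so
        // it is kept here; migrating to password_hash() needs a coordinated change.
        $sql = "UPDATE `user` SET `username` = '$username', `password` = '" . md5($password) . "', `password2` = '$password', `type` = '$typeid', `status` = '$statusid' WHERE `id` = $uid";
        $db->query($sql);
        echo "<script>location.href='c_confirm_email.php?uid=$uid'</script>";
        exit;
    }
};

// NOTE(review): string fields are interpolated into SQL as-is; whether
// getMyParam() escapes them is not visible here (TODO confirm). Numeric ids are
// cast to int in each handler so the unquoted `WHERE id = $uid` clauses and the
// `type`/`status` comparisons can only ever receive digits.
if ($action == "changestatus1") {
    getMyParam('typeid');
    getMyParam('statusid');

    $uid = (int) $uid;
    $typeid = (int) $typeid;
    $statusid = (int) $statusid;

    $apply_status($db, $uid, $typeid, $statusid);
    // Reached only when neither status rule applied: fall through to the list.

} elseif ($action == "add") {
    getMyParam('dealerinquirycompany');
    getMyParam('dealerinquiryfirstname');
    getMyParam('dealerinquirylastname');
    getMyParam('dealerinquirybusinesstype');
    getMyParam('dealerinquiryyearsinbusiness');
    getMyParam('dealerinquiryaddress');
    getMyParam('dealerinquiryaddress2');
    getMyParam('dealerinquirycity');
    getMyParam('stateid');
    getMyParam('countryid');
    getMyParam('dealerinquirypostal');
    getMyParam('dealerinquiryphone');
    getMyParam('dealerinquiryfax');
    getMyParam('dealerinquiryemail');
    getMyParam('dealerinquiryregistrationnumber');
    getMyParam('dealerinquiryurl');
    getMyParam('find_us_content');
    getMyParam('comments');
    getMyParam('company_content');

    getMyParam('typeid');
    getMyParam('statusid');

    $stateid = (int) $stateid;
    $countryid = (int) $countryid;
    $typeid = (int) $typeid;
    $statusid = (int) $statusid;

    // Reject a blank address before the duplicate lookup; otherwise a blank
    // e-mail is reported as "Email exist." whenever some row already has none
    // (the "edit" handler below already checks in this order).
    if ($dealerinquiryemail == "") {
        echo "<script>alert('You must enter a email address.');history.back(1);</script>";
        exit;
    }

    // One live (status <> 3) customer per e-mail address.
    $sql = "SELECT `id`, `username`, `email` FROM `user` WHERE `email` = '$dealerinquiryemail' AND `status` <>3 AND `type` < 10";
    $rs = $db->get_one($sql);
    if (!empty($rs)) {
        echo "<script>alert('Email exist.');history.back(1);</script>";
        exit;
    }

    $sql = "INSERT INTO `user` (`firstname` , `lastname` , `company` , `business_type` , `business_year` , `address` , `address2` , `city` , `stateid` , `countryid` , `zip` , `phone` , `fax` , `email` , `company_number` , `url` , `find_us_content` , `comments` , `company_content`  )
            VALUES (
            '$dealerinquiryfirstname', '$dealerinquirylastname', '$dealerinquirycompany', '$dealerinquirybusinesstype', '$dealerinquiryyearsinbusiness', '$dealerinquiryaddress', '$dealerinquiryaddress2', '$dealerinquirycity', '$stateid', '$countryid', '$dealerinquirypostal', '$dealerinquiryphone', '$dealerinquiryfax', '$dealerinquiryemail', '$dealerinquiryregistrationnumber', '$dealerinquiryurl', '$find_us_content', '$comments', '$company_content'
            )";
    $db->query($sql);
    $uid = (int) $db->insert_id();

    // Redirects and exits when a status rule applies; otherwise back to the list.
    $apply_status($db, $uid, $typeid, $statusid);

    echo "<script>location.href='c_customer_list.php'</script>";
    exit;

} elseif ($action == "edit") {
    getMyParam('uid');

    getMyParam('dealerinquirycompany');
    getMyParam('dealerinquiryfirstname');
    getMyParam('dealerinquirylastname');
    getMyParam('dealerinquiryusername');
    getMyParam('old_dealerinquiryusername');
    getMyParam('dealerinquirypassword2');
    getMyParam('dealerinquirybusinesstype');
    getMyParam('dealerinquiryyearsinbusiness');
    getMyParam('dealerinquiryaddress');
    getMyParam('dealerinquiryaddress2');
    getMyParam('dealerinquirycity');
    getMyParam('stateid');
    getMyParam('countryid');
    getMyParam('dealerinquirypostal');
    getMyParam('dealerinquiryphone');
    getMyParam('dealerinquiryfax');
    getMyParam('dealerinquiryemail');
    getMyParam('dealerinquiryregistrationnumber');
    getMyParam('dealerinquiryurl');
    getMyParam('find_us_content');
    getMyParam('comments');
    getMyParam('company_content');

    getMyParam('statusid');
    getMyParam('typeid');

    $uid = (int) $uid;
    $stateid = (int) $stateid;
    $countryid = (int) $countryid;
    $typeid = (int) $typeid;
    $statusid = (int) $statusid;

    // A changed username must not collide with another live account.
    if ($dealerinquiryusername != $old_dealerinquiryusername) {
        $sql = "SELECT `id`, `username`, `email` FROM `user` WHERE `id` <> '$uid' AND `username` = '$dealerinquiryusername' AND `status` <>3";
        $rs = $db->get_one($sql);
        if (!empty($rs)) {
            echo "<script>alert('Username exist!');</script>";
            goEditPage($uid);
            exit;
        }
    }

    if ($dealerinquiryemail == "") {
        echo "<script>alert('You must enter a email address.');</script>";
        goEditPage($uid);
        exit;
    }

    // The e-mail must stay unique among live customers other than this one.
    $sql = "SELECT `id`, `username`, `email` FROM `user` WHERE `id` <> '$uid' AND `email` = '$dealerinquiryemail' AND `status` <>3 AND `type` < 10";
    $rs = $db->get_one($sql);
    if (!empty($rs)) {
        $alert_message = 'Email exist! Update failed';
    } else {
        // NOTE(review): password stored as unsalted md5 plus plaintext `password2`;
        // kept for compatibility with the existing login code (see note above).
        $sql = "UPDATE `user` SET
                `firstname` = '$dealerinquiryfirstname',
                `lastname` = '$dealerinquirylastname',
                `username` = '$dealerinquiryusername',
                `password` = '" . md5($dealerinquirypassword2) . "',
                `password2` = '$dealerinquirypassword2',
                `company` = '$dealerinquirycompany',
                `business_type` = '$dealerinquirybusinesstype',
                `business_year` = '$dealerinquiryyearsinbusiness',
                `address` = '$dealerinquiryaddress',
                `address2` = '$dealerinquiryaddress2',
                `city` = '$dealerinquirycity',
                `stateid` = '$stateid',
                `countryid` = '$countryid',
                `zip` = '$dealerinquirypostal',
                `phone` = '$dealerinquiryphone',
                `fax` = '$dealerinquiryfax',
                `email` = '$dealerinquiryemail',
                `company_number` = '$dealerinquiryregistrationnumber',
                `url` = '$dealerinquiryurl',
                `find_us_content` = '$find_us_content',
                `comments` = '$comments',
                `company_content` = '$company_content',
                `type` = '$typeid',
                `status` = '$statusid'
                WHERE `id` = '$uid'";
        $db->query($sql);
        $alert_message = 'Successfully updated customer info.';
    }

    goFromPage($alert_message);
}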

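// Optional username/e-mail filter, appended to both the count and the page query.
// NOTE(review): $key goes into the LIKE pattern unescaped; whether getMyParam()
// SQL-escapes it is not visible here — confirm. LIKE wildcards (% and _) typed
// into the search box are honoured either way.
$sql_where = '';
$is_search = ($action == "search" && trim($key) != "");
if ($is_search) {
    $sql_where = " AND (`username` LIKE '%$key%'  OR `email` LIKE '%$key%')";
}
$page_url = 'c_customer_list.php?';
$ppp = 20; // rows per page

// Total matching rows: drives the pager and the out-of-range page clamp below.
$sql = "SELECT `id` FROM `user` WHERE `type` < 10" . $sql_where;
$query = $db->query($sql);
$sql_all_num = $db->num_rows($query);

// *** page code start ***
getMyParam('page');
// ispage() validates the page parameter; once accepted it is cast to int so the
// LIMIT offset below is built from an integer only.
$page = empty($page) || !ispage($page) ? 1 : (int) $page;
$start_limit = ($page - 1) * $ppp;
if ($start_limit > $sql_all_num) {
    $start_limit = 0;
    $page = 1;
}
// *** page code end ***

$sql = "SELECT `id`, `username`, `firstname`, `lastname`, `company`, `status`, `type`, `phone`, `email`, `password2`, `address`, `city`, `countryid` FROM `user` WHERE `type` < 10 " . $sql_where . " ORDER BY `id` DESC LIMIT $start_limit, $ppp";
$query = $db->query($sql);

// Always define the output array so the template can iterate or count it even
// when the query returns no rows.
$out_ary = array();
// The <font> highlight markup is emitted raw by the template, so the search
// term must be HTML-escaped before it is placed inside that markup; otherwise
// the reflected key could inject markup into the admin page. The match itself
// is still done against the raw DB value.
$key_html = htmlspecialchars($key, ENT_QUOTES);
while ($rs = $db->fetch_array($query)) {
    if ($is_search) {
        $rs['username'] = str_replace($key, "<font color=red>$key_html</font>", $rs['username']);
        $rs['email'] = str_replace($key, "<font color=red>$key_html</font>", $rs['email']);
    }
    $out_ary[] = $rs;
}

$page_show = getPageStr($sql_all_num, $page, $ppp, $page_url);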

// Pull the `id` request parameter into scope; presumably consumed by the list
// template rather than by this script.
getMyParam('id');

// Render in order: shared admin header, this page's list body, shared footer.
// The includes run in this (global) scope, so every variable assigned above is
// visible to the templates.
$template_names = array('a_header', 'a_c_customer_list', 'a_footer');
foreach ($template_names as $template_name) {
    require_once PrintEot($template_name);
}
unset($template_names, $template_name);

?>